1. Field of the Invention
Embodiments of the invention relate to the field of virtualization technology, and more specifically, to embedded information technology.
2. Description of Related Art
In a virtualized platform environment, the networking resources of the platform may be emulated or shared among one or more virtual machines (VMs) running on the platform. The network resources may be coordinated and managed by a sole privileged input/output (IO) virtual machine (IOVM) which provides virtualized IO services to other VMs. One application of virtualization technology is embedded information technology (EIT), where a privileged IO domain controls access to network resources on the platform. This privileged domain provides various packet filtering, network firewall, and packet inspection services to detect intrusion, viruses, spyware, etc. based on the packet traffic. The privileged domain runs in an environment that is separate and isolated from the application that the end user utilizes to access the network.
One limitation of this approach is that much contextual information about the network packets and traffic may be lost when the data is transferred between the two domains. In addition, using firewalls configured by pre-determined network policies leads to inefficient utilization of resources such as physical queues and packet filters.